Tech writers are always pushing people to start using a password manager, and there are very good reasons for that – not least of which is that a password is the lock on the gate to your accounts and sensitive data. If you use a flimsy, easily broken lock your accounts and data are at great risk. It’s not too difficult to create strong passwords but it is extremely difficult, if not impossible, to remember them all. That’s where password managers come into their own, remembering strong passwords and automatically applying them for you in a secure environment.
What follows is not my own work but rather a post I came across from Maria Varzamis on the Sophos Naked Security blog. Maria uses LastPass herself so, when she explains in detail how it works, including advantages and disadvantages, she is writing from firsthand experience:
By Maria Varzamis
A few days ago I wrote my plea to those of you who may still be on the fence about using a password manager. I hope I’ve convinced you to at least give it some serious thought. If you’re ready to give one a try, today I’ll introduce you one of the many available password managers out there.
For the sake of full disclosure, this one happens to be the one I use, but I encourage you to do your own research and use the password manager that best suits your needs. Many people prefer to use password managers where your passwords never see the internet, while other people find the advantages of cloud storage worth the risk.
Password manager: LastPass
Where it stores your passwords: LastPass locally (on your own device) encrypts your passwords, and then stores that encrypted data in “the cloud,” a.k.a. somewhere else on the internet.
Security: Account data stored in the LastPass “vault” (including your passwords) is encrypted using AES. Connecting to the LastPass service can optionally be protected by 2FA for additional security against unauthorized logins.
Cost: It’s free to use the password manager’s basic features, like the browser extension and password vault. Multi-user credential syncing and the LastPass app access require paying for a premium plan…
Maria’s article goes on into much greater detail, read the rest of Maria’s informative article here: Try a password manager: how to get started with LastPass
didnt i just read this past week that someone discovered a flaw in lastpass and that it was not safe in its present form?
You sure did John: https://nakedsecurity.sophos.com/2016/07/27/lastpass-password-manager-zero-day-bug-hits-the-news/
The reports have been slightly exaggerated though, it isn’t exactly a zero-day vulnerability because at this point in time there are no active exploits. The developers are working on a fix, so LastPass users should keep an eye out for updates and apply them asap. In the meantime, I don’t believe there is too much to be concerned over.
I’ve been a paying subscriber for a few years now. Good stuff.
I’m a little late but used to use LastPass for a few years. I liked how it alerted you about security issues if sites you had your password saved on had reported a hack for example.
However I moved to Sticky Password. The main reason is that unlike LastPass it offers a lifetime license and I managed to get a special offer on it. I do miss the security alerts, but I wasn’t willing to pay monthly or yearly and needed something that would work on multiple devices e.g. phone, pc etc.
Isn’t LastPass free? I haven’t paid anything to use mine.
I think their free version only allows you to sync between same style devices if you want to sync to multiple devices such as a pc mobile etc then it costs.
I was using a password manager for many job sites and a lot required very specific passwords so trying to remember them was a pain. I was fine using Lastpass on my desktop but also wanted to login when away on my phone and to do that I’d need a premium which offers no lifetime option.
That’s why I moved to stickyou passwords. Stickys lifetime license means I’ll get all future updates at no extra cost, it syncs to multiple platforms and supports multiple browsers and also has a desktop version that supports some apps.
I have been using LastPass for a long time now. About 3 months ago I changed my LP password. No problem. Then about five days ago LP will not accept it nor will it accept my OTP. Your thoughts?
I always like to read about password managers and I have tried most of them. I found a glitch in roboform, told the developers and they dismissed me offhand. done with that. I use nothing in the cloud. They all say its safe and protected but everyday we see hacks of those “safe and protected” clouds. I use nothing connected in any way to a browser. browsers are not safe so why trust your passwords to one. I finally have decided on PasswordSafe. a simple, computer-based, pretty darn safe program done by Bruce Schneier, a respected security guy. plenty of options, deletes anything from the clipboard after minimizing and also has auto-fill. pretty complete. not as easy as others but then easy is not at the top of my list in password managers…security is.
I used LastPass for a few years until it started restricting the number of passwords that could be saved unless you went premium. I see now that restriction appears to have been lifted.
I switched to KeePass and have used it for the past few years. All the features are enabled in the free version. I am happy and not likely to change back.
hi tom, just read your comment. my thoughts on password managers are simple…just use one. mostly it doesnt matter, but using one will help set long, tough passwords for each site. i have tried them all and, since i personally dont trust anything in the “cloud”, i dont use one that synchs there. i ended up with *password safe*. simple, easy, very tough security, and made by a top, long-time expert in the security field. but in computer stuff, one size does not fit all…so just use one.